Inside university servers, unauthorized pages are planted by hackers. No schools that were contacted had any idea the pages existed. The pages sent more money and traffic to the hackers, though it doesn’t appear any personal info was breached.
Hacker pages on higher Ed websites
To create these unauthorized pages, these hackers exploited security holes in departmental, student, and uploading functionality. These web sites seem to send traffic to web sites that are for-profit. The links on these college websites helped the hackers improve search engine rankings, as well as creating the appearance that the university was endorsing the page. When university webmasters and I.T. departments were contacted, they confirmed that they weren’t aware of these sites. Universities were already removing these pages as of 3 p.m. Wednesday afternoon.
Ohio business Street Smarts linked to hacked pages
The company in Ohio called Street Smarts owns the domain names that these unauthorized pages link to. Attempts to call Street Smarts resulted only in being told “wrong number” when asking for the business or the technical contact listed on the site registration. Shortly after these phone calls, these web sites were taken offline. In 2008, there was a hack of both government and educational websites. The 2008 attack, rather than loading websites onto dot-gov and dot-edu websites, used JavaScript to redirect those pages to latest-mortgages-rates.com, creditloansrates.com, and myhome-loan-expert.com. There is a phone number that is out of service in Texas listed on the educational web sites hacked. That phone number is also used on hundreds of sites with the JavaScript redirect posted in 2008. The code on the redirected and unauthorized websites appear to be nearly identical in CSS, JS, and HTML. Both attacks were likely perpetrated by the exact same business, in other words.
Was personal data at risk
This hacking of educational sites exploits the good name of schools and tries to make money off phony info. Thankfully, it doesn’t appear that the security holes that allowed these sites to be posted allowed any information out. Put simply, hackers could get data in, but not out. If security holes like this aren’t fixed, though, they can later be used to gain access to information like social security numbers. With a majority of the administration of higher education happening online, it is essential that universities and colleges make sure that private details remain just that – private.
The true danger of security exploits
Security breaches like this mean that scammers are more effortlessly gathering personal details without site visitors ever knowing. On first glance, these hacker-created websites appear to belong on the dot-edu servers. Visitors who go to these sites and enter personal details could possibly be opening themselves up to identity theft and fraud.
Schools which were affected
The colleges, universities, and educational institutions affected by this attack aren’t listed in complete here. This is only the first 50 schools that appeared in a search for unauthorized pages. If you are the administrator or webmaster for a dot-edu or dot-gov domain, you should ensure your domain doesn’t contain unauthorized pages.
- Beacon University
- Harvard University
- McNeese University
- Northeastern Illinois University
- Cornell University
- Georgia Tech
- The Browning School
- Valparaiso University
- Los Rios Community College District
- East Central University of Oklahoma
- Rutgers University
- Yale University
- University of Texas Medial Branch
- Stony Brook University
- Saint Xavier University
- Hardin Simmons University
- Arizona State University
- Stanford University
- Austin Independent School District
- Smith College of Massachusetts
- Highpoint University
- Rensselaer Polytechnic Institute
- Catholic Theological Union
- University of Washington
- Westminster Theological Seminary
- Lake Forest College in Chicago
- Southeastern Louisiana University
- American Samoa Community College
- Columbia College of Chicago
- University of Arkansas Fort Smith
- UC San Diego
- University of Scranton
- Piedmont Technical College
- Assumption University of Thailand
- Chemeketa Community College
- Information Sciences Institute at the University of Southern California
- University of Tennessee Martin
- The City University of New York
- Milwaukee Institute of Art & Design
- Instituto Guatemalteco Americano
- The University of Utah
- Juniata College
- Ohio State
- California State Christian University
- Sharif University of Technology
- The University of North Carolina at Chapel Hill
- Brigham Young University
- The University of Arkansas
- The University of Virginia
